Information Security News

Is your IP address personal information?
iT News (blog)
Late last year, myself and InfoSec expert Darren Pauli met with CIOs, lawyers and IT security experts to drum out a best practice response to ensuring your systems and processes are compliant. We've put together what I expect to be an easily-digested ...

According to a Reuters report based on "sources familiar with attacks on other merchants," Neiman Marcus and Target weren't the only high-profile US retailers to be hacked during the 2013 holiday season. The news agency did not identify which specific retailers were also affected, but it reports that at least three other US retailers ("with outlets in malls") suffered breaches that have yet to be publicly disclosed.

These additional attacks allegedly used the same techniques that were used to infiltrate Target. While Target has not officially disclosed any techniques, Reuters' sources said one of the hacking tools was a RAM scraper. The news agency describes this as memory-parsing software "which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text."

RAM scraping is not a new tactic, and Ars Security Editor Dan Goodin has covered similar tools before (see sidebar). He notes RAM scraping is useful when dealing with encrypted information, since sometimes the only way to access the underlying plaintext is to extract it from computer memory. The RAM scraping detail from Reuters remains speculative, however, and the agency acknowledges it's only one of a variety of techniques that may be involved.

We have been notified that some of you have received repeated notifications being sent out regarding a recently-published diary. Notification has been turned off while we are investigating the issue. We apologize for the inconvenience.